Apple released security updates for its cellphones, set top box and Window's iCloud platform shortly after rolling out another patch for the KRACK exploits.
The most recent updates include iOs 11.2.1 and tvOS 11.2.1 which both patch a message handling issue in the respective products, that could allow a remote attacker to unexpectedly alter application state, according to a Dec. 13 US-CERT advisory.
The vulnerabilities were addressed with improved input validation. Apple also updated its iCloud for Windows in its version 7.2 to address a privacy issue in the use of its client certificates. If left unpatched, the flaw would have allowed an attacker in a privileged network position to track a user.
A day earlier, Apple released security fixes for its AirPort Express, AirPort Extreme and AirPort Time Capsule 802.11n and 802.11AC base stations. If left unpatched, these issues would have allowed an attacker on the same Wi-Fi to force nonce reuse in WPA unicast/PTK clients KRACK attacks.
